{"id":47529,"date":"2020-09-03T16:37:26","date_gmt":"2020-09-03T22:37:26","guid":{"rendered":"https:\/\/jumpcloud.com\/?page_id=47529"},"modified":"2024-07-01T16:04:36","modified_gmt":"2024-07-01T20:04:36","slug":"vulnerability-disclosure-policy","status":"publish","type":"page","link":"https:\/\/jumpcloud.com\/vulnerability-disclosure-policy","title":{"rendered":"Vulnerability Disclosure Policy"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\" id=\"h-introduction\">Introduction<\/h2>\n\n\n\n<p>JumpCloud is committed to protecting the privacy and security of our customers.&nbsp; Although we have taken every effort to minimize all the security bugs in our systems, we realize that something may have been missed.&nbsp; We encourage individual security researchers to study\/analyze our platform to make it even safer.&nbsp; Our Vulnerability Disclosure Program (VDP) is intended to minimize any security flaws found in our infrastructure and software.&nbsp; If you believe you have found a security vulnerability in our platform, please contact us as soon as possible.&nbsp; We will investigate all legitimate reports and do our best to address the issue quickly.&nbsp; Before reporting the issue, please take a moment to review this page, which includes our disclosure policy, guidelines, rules, the program\u2019s scope, rewards, and how to contact us.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-responsible-disclosure-policy\">Responsible Disclosure Policy<\/h2>\n\n\n\n<ul>\n<li>You give us a reasonable time to investigate and mitigate an issue you report before making public any information about the report or sharing such information with others.<\/li>\n\n\n\n<li>You make a reasonable faith effort to avoid privacy violations and disruptions to others, including (but not limited to) unauthorized access to or destruction of data and interruption or degradation of our services.<\/li>\n\n\n\n<li>You do not exploit a security issue you discover for any reason. (This includes demonstrating additional risk, such as attempted compromise of sensitive company data or probing for further problems.)<\/li>\n\n\n\n<li>You do not intentionally violate any other applicable laws or regulations, including (but not limited to) laws and regulations prohibiting unauthorized access to data.<\/li>\n\n\n\n<li>For this policy, you are not authorized to access user data or company data, including (but not limited to) personally identifiable information and data relating to an identified or identifiable natural person.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-guidelines-amp-rules\">Guidelines &amp; Rules<\/h2>\n\n\n\n<p>Participating in JumpCloud\u2019s VDP requires you to follow our guidelines. Please adhere to the following guidelines to be eligible for rewards under this disclosure program:<\/p>\n\n\n\n<p>Residents in U.S. sanctioned countries (Cuba, Iran, Sudan, Syria, and North Korea) are ineligible.<\/p>\n\n\n\n<ul>\n<li>Don&#8217;t violate the privacy of other users, destroy data, disrupt our services, etc.<\/li>\n\n\n\n<li>Don&#8217;t request updates on an hourly basis. We are handling dozens of reporters daily, and spam impacts JumpCloud\u2019s efficiency.<\/li>\n\n\n\n<li>Only target your accounts in the process of investigating any bugs\/findings. Don&#8217;t focus, attempt to access, or otherwise disrupt the accounts of other users.<\/li>\n\n\n\n<li>Don&#8217;t target our physical security measures or attempt to use social engineering, spam, or distributed denial of service (DDOS) attacks.<\/li>\n\n\n\n<li>If you find a severe vulnerability that allows system access, you must not proceed further.<\/li>\n\n\n\n<li>JumpCloud decides to determine when and how bugs should be addressed and fixed.<\/li>\n\n\n\n<li>Disclosing bugs to a party other than JumpCloud is forbidden; all bug reports are to remain at the reporter and JumpCloud\u2019s discretion.<\/li>\n\n\n\n<li>The threatening behavior of any kind will automatically disqualify you from participating in the program.<\/li>\n\n\n\n<li>Exploiting or misusing the vulnerability for own or other\u2019s benefit will automatically disqualify the report.<\/li>\n\n\n\n<li>Bug disclosure communications with JumpCloud\u2019s Security team are to remain confidential. Researchers must destroy all artifacts created to document vulnerabilities (POC code, videos, screenshots) after the bug report is closed.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-vulnerability-disclosure-program-scope\">Vulnerability Disclosure Program Scope<\/h2>\n\n\n\n<p>The following services and domains are considered in scope:<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-in-scope-endpoints-and-systems\">In-Scope Endpoints and Systems<\/h2>\n\n\n\n<p>These specific endpoints and our endpoints are considered in scope:<br><\/p>\n\n\n\n<ul>\n<li>JumpCloud Agent Site (<strong>agent.jumpcloud.com<\/strong>)<\/li>\n\n\n\n<li>JumpCloud user and admin consoles (<strong>console.jumpcloud.com<\/strong>)<\/li>\n\n\n\n<li>JumpCloud API to access audit data (events.jumpcloud.com)<\/li>\n\n\n\n<li>JumpCloud endpoint for GSUite Integration (<strong>google-sync.jumpcloud.com<\/strong>)<\/li>\n\n\n\n<li>JumpCloud endpoint for client certificate deployment (<strong>kickstart.jumpcloud.com<\/strong>)<\/li>\n\n\n\n<li>JumpCloud endpoint for LDAP Service (<strong>ldap.jumpcloud.com)<\/strong><\/li>\n\n\n\n<li>JumpCloud endpoint for Office 365 Integration (<strong>o365-sync.jumpcloud.com<\/strong>)<\/li>\n\n\n\n<li>JumpCloud endpoint for post client certificate deployment (<strong>private-kickstart.jumpcloud.com<\/strong>)<\/li>\n\n\n\n<li>JumpCloud endpoint for RADIUS Service (<strong>radius.jumpcloud.com<\/strong>)<\/li>\n\n\n\n<li>JumpCloud Service Provider endpoint for SAML (<strong>sso.jumpcloud.com<\/strong>)<\/li>\n\n\n\n<li>JumpCloud Agents (<strong>endpoints deployed to systems<\/strong>)<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-out-of-scope-endpoints-and-systems\">Out of Scope Endpoints and Systems<\/h2>\n\n\n\n<ul>\n<li>JumpCloud Support Site (<strong>support.jumpcloud.com<\/strong>)<\/li>\n\n\n\n<li>JumpCloud Main Site (<strong>jumpcloud.com<\/strong>)<\/li>\n\n\n\n<li>Vulnerabilities on sites hosted by third parties unless they lead to a weakness on any scoped endpoint.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-in-scope-vulnerabilities\">IN-SCOPE VULNERABILITIES<\/h3>\n\n\n\n<p>Generally speaking, any bug that poses a significant vulnerability could be eligible for a reward.&nbsp; It is entirely at JumpCloud\u2019s discretion to decide whether a bug is significant enough to qualify for an award.&nbsp; Security issues that typically would be eligible (though not necessarily in all cases) include:<\/p>\n\n\n\n<ul>\n<li>Cross-Site Request Forgery (CSRF)<\/li>\n\n\n\n<li>Cross-Site Scripting (XSS)<\/li>\n\n\n\n<li>Code Executions<\/li>\n\n\n\n<li>SQL injections<\/li>\n\n\n\n<li>Server-Side Request Forgery (SSRF)<\/li>\n\n\n\n<li>Privilege Escalations<\/li>\n\n\n\n<li>Authentication Bypasses<\/li>\n\n\n\n<li>File inclusions (Local &amp; Remote)<\/li>\n\n\n\n<li>Protection Mechanism bypasses (CSRF bypass, etc.)<\/li>\n\n\n\n<li>Leakage of sensitive data<\/li>\n\n\n\n<li>Directory Traversal<\/li>\n\n\n\n<li>Administration portals without an authentication mechanism<\/li>\n\n\n\n<li>Open redirects which allow stealing tokens\/secrets<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-out-of-scope-vulnerabilities\">OUT OF SCOPE VULNERABILITIES<\/h3>\n\n\n\n<p>Things that are not eligible for reward include:<\/p>\n\n\n\n<ul>\n<li>Social Engineering<\/li>\n\n\n\n<li>Lack of rate-limiting mechanisms<\/li>\n\n\n\n<li>Open redirects without a severe impact<\/li>\n\n\n\n<li>Application stack traces (path disclosures, etc.)<\/li>\n\n\n\n<li>Self-type Cross-Site Scripting \/ Self-XSS<\/li>\n\n\n\n<li>Vulnerabilities that require Man in the Middle (MiTM) attacks<\/li>\n\n\n\n<li>Denial of Service attacks<\/li>\n\n\n\n<li>CSRF issues on actions with minimal impact<\/li>\n\n\n\n<li>Cache Poisoning<\/li>\n\n\n\n<li>Clickjacking<\/li>\n\n\n\n<li>Incomplete or missing SPF\/DMARC\/DKIM records<\/li>\n\n\n\n<li>HSTS not enabled on <strong>*.jumpcloud.com<\/strong> websites<\/li>\n\n\n\n<li>Brute force attacks<\/li>\n\n\n\n<li>Security practices (banner revealing a software version, missing security headers, etc.)<\/li>\n\n\n\n<li>Bugs that do not have security implications<\/li>\n\n\n\n<li>Vulnerabilities on sites hosted by third parties unless they lead to a weakness on the main website<\/li>\n\n\n\n<li>Vulnerabilities are contingent on physical attack, social engineering, spamming, DDOS attack, etc.<\/li>\n\n\n\n<li>Vulnerabilities affecting outdated or unpatched browsers\/operating systems<\/li>\n\n\n\n<li>Bugs already are known to us, or previously reported by someone else (reward goes to the first reporter)<\/li>\n\n\n\n<li>Issues that aren&#8217;t reproducible<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-reporting\">Reporting<\/h2>\n\n\n\n<p>Send an email to <strong><a href=\"mailto:vulnerability@jumpcloud.com\">vulnerability@jumpcloud.com<\/a><\/strong> using the PGP key located here, with information about the vulnerability and detailed steps on how to replicate it.<\/p>\n\n\n\n<ul>\n<li>The report must pertain to an item explicitly listed under our in-scope vulnerabilities section.<\/li>\n\n\n\n<li>The report should also contain as much information as you can&#8211;ideally, a description of your findings, the steps needed to reproduce it, and the vulnerable component.<\/li>\n\n\n\n<li>If you need to share screenshots\/videos, please upload it to Google Drive (or any other upload service) and share with us the links to those files.<\/li>\n<\/ul>\n\n\n\n<p>We will make every effort to respond to accurate reports within seven business days.<\/p>\n\n\n\n<p>JumpCloud will utilize <a href=\"https:\/\/bugcrowd.com\/vulnerability-rating-taxonomy\" target=\"_blank\" rel=\"noreferrer noopener\">Bugcrowd&#8217;s VRT<\/a> for <strong>initial<\/strong> prioritization and review its overall impact for further prioritization based upon JumpCloud\u2019s Vulnerability Management Program.<\/p>\n\n\n\n<p>All Assessments are considered final.<\/p>\n\n\n\n<div class=\"pricing-page\">\n<div class=\"pricing-faqs\">\n<div class=\"card m-t-1\">\n  <header class=\"card-header\">\n    <a href=\"#pgp-key\" data-action=\"collapse\" class=\"card-header-title\">\n      <div class=\"faq-header-wrapper is-text-body-large-bold-stepdown\">\n        PGP key\n      <\/div>\n    <\/a>\n  <\/header>\n  <div id=\"pgp-key\" class=\"is-collapsible \">\n    <div class=\"card-content\">\n      <p class=\"faq-card-text is-text-body-standard-stepdown\">\n        <code>\n          &#45;&#45;&#45;&#45;&#45;BEGIN PGP PUBLIC KEY BLOCK&#45;&#45;&#45;&#45;&#45;<br>\n          Version: PGP Universal 3.4.2 (Build 10531)<br>\n          mQINBGRrjLwBEADi9Xm1ryJtXm4ut2PbIoJORbTXv5rkrg2KgUxhQyo2YNxp6mW1<br>\n          RlIjxzJp71RESG2kP3K0oV2JofVFcAuKdB\/KNx5O72n7Cg2drr6xcBPJK3Lld5Q6<br>\n          Bd54rGxUb3SMHrgXx+YvV1PzYIsz34mWQN\/2EwkeVpJ3rJGnyxnVPmzwixTBG3wH<br>\n          sBRX84HIKNNJsii3xBsmNzpgKrlAhjJkXz3iNYP+gNdW56fLW272SyeiTvqkdZQK<br>\n          uvoT04tWIteKF4+ETSbXjGQfqbCWdzwLmlPZASndVA9lT7IFVwWEVRvMKhSOMIcc<br>\n          U6gkG0BuP\/ZDY3wZsMvF5iSSQyQZiaVRM9\/zoJlmTWMKFfzWm8cZx5utIzbNqTRi<br>\n          0vRf903DkR\/pZLoQIKEBKDd09tbGrSGFWO0t8cKhZ3\/eEc4KjBxmovV6SS2F5C1O<br>\n          YqheJlGsXsM24ya5gt6HlMfuCDYGkZ\/LhzkQtDeTja+Olzd0s4kAT6rzpr0Gj4uu<br>\n          NTirKeyVlb3LnWMYkvzNzHjI9iGgt1FIos2prJngEEfSt8Vod24upVpseN5RuplN<br>\n          Y9k9k80+aoYQn+lJ6iFQ0Pk739mRZvxYC3mEgilbFScnF5efOgFD6EhWG\/pPw9ag<br>\n          \/EB\/oSV8zbrsHBIn6SEwqyMuDf041b1t50Cwm8P5fFmd6vxLJzITXYwxaQARAQAB<br>\n          tGhKdW1wQ2xvdWQgU2VjdXJpdHkgKGh0dHBzOi8vanVtcGNsb3VkLmNvbS92dWxu<br>\n          ZXJhYmlsaXR5LWRpc2Nsb3N1cmUtcG9saWN5KSA8dnVsbmVyYWJpbGl0eUBqdW1w<br>\n          Y2xvdWQuY29tPokCUQQTAQgAOxYhBBwGRsmrg96a+a1SI89nsno2xKqdBQJka4y8<br>\n          AhsDBQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheAAAoJEM9nsno2xKqd7rEP\/RPQ<br>\n          V56t+R3I64IU73UyHvtwifn286JTu9+K93nowW+UhOcj8WTIbQr66cpg5Z7\/gcR3<br>\n          gQKdIXX3tfkLgdF+IC19eV\/rnh61Inw1CX2E36AMgHMFVlpuTgv6opJUbLFoQWo2<br>\n          sxPkLo5LkWO54iLmVXALByvf6nmnYaPMFt7A\/xATrGnJbBG9pXxO5IR3hJ3wO+oD<br>\n          vwm1zLSwTxWq\/v7QhLzIPfJ8A5GZBTtn9nCrK4jXY\/69VY94MdSE7p\/cAYSEX38k<br>\n          HGzGGcROBAYjjw2D2VVKRE7Eultvt9V6SbDrQHLA1SVoOrOc\/FwxQDonoyqScpvt<br>\n          a4WeocFD1exR50aHTKmXm2rdUeiyDsBFgQ4kSMmuYIuUzqJAQiyCSIK6pzk5VT0i<br>\n          wwrD37n9m\/cZg2tWnIHgR9JxW3Z5sr7T2MiRlNqQc7NhmOe0W6SdNLmPeyqG4QF3<br>\n          9V6dayYOjM3wjvUfTPhLh8yEtJEXAOtxjCx8VCU6ptTf6QJe\/G3WmWs8me1MexbQ<br>\n          qN3vgmWJ2tCloNoLq3G1N9XEb0c1lqiTTSeNnlXCSVTXXd0vO6VXgDjfEowpaA2G<br>\n          T6F1kgBkx4CkT\/pKaacWUvCPTutj0Tjm0+lKOKGuYTp2Vr3ixNb2KBoAin\/nVNDA<br>\n          482CZt+UHElFZJC0cIa8SRdBiJH6kgFdykSx56mAiQEiBBABCAAMBQJka5xOBQMA<br>\n          EnUAAAoJEJcQuJvKV618BxAH\/RDHiH1dvQ8AlVwYzyFK+5\/KUxfxSRzjoNol7glw<br>\n          f3rk0+uV6mHEp7HO6xkSy4iSrgdVl4Y\/ExhPhohBMdwWrtNM71WYWADlaPcScrLW<br>\n          759qrg6tJL\/hnN0V7PR8YD\/Tf2YgyJp9k8Q1Ztpfzlh\/DBXnxYEzrRy\/e\/xnN1sF<br>\n          y1ZC+YtcQK2QNyEPJuFevdo\/GtAUek+IB1ppEYHgJkwGwLPy0fdIoXAp5tILohF+<br>\n          nsH1bZ4\/SRC6A7lFnjDGtpBwWyjKp61Yjr9lV\/TEkp\/B8npbl\/UTxbS7I8629g+n<br>\n          vSaAdhTqhurjQld76Ow1H5Z4IeVhSllgWBipKswclyZEFM+5Ag0EZGuMvAEQANdM<br>\n          6O239URzbr571R68XwJoIhOxuz9xtPYiehLmlwY6tjcBRoLLb03TRcBajjWVHrhG<br>\n          aE+GQZkiyt0JCI0fS0GeQfcmWCuqKQbDT8GG1LYbR+Q0GoDyiiC1oeBW5eSJrIav<br>\n          Cnfw7GqcTKJydN1cDmhBk9wzABbpP9NK74wgrcY00PNQbixHxFWNKsgVezqORSBZ<br>\n          ej4SQol0OeDzdrXLXF\/oG75GwOvfoQcIvVtR4nsbJHyjuc9j0uQb7SooKn0p4q2P<br>\n          b8dVqVjHeImI3SVij5Lyf5Gvf3ABy8CWO0KNJENAQCyn+dj9IvZM7HCj8IOZ6YWO<br>\n          ZqZIpxkENRAR7BFVliO0C\/lJeI2PuGnFzOguycBGgaVOR627FGn6iLg5V71nHCc4<br>\n          Z77or7+nuUe3Q\/VM7+AGvmntbXi4c15Jxtaqj9eGfCcHlSCoa7YaG3Vmlzcee9xg<br>\n          X4\/iSK0rpVjMGNY3b6HsRa6kHlv\/Dno+FFBzNloKk2OdjyOMZDebZKDcgkgsIDbk<br>\n          GdWGhbbkt16r8A5yqfZ1+5P7blEzHxdEyOuzhAdn8smtP8Odgx5uJHsNk8twSwl0<br>\n          GIe6jPHWtmEahN3mpYzB6mb7fLWoschA3lW5pG9QeCkF3g5\/hxoTUJU1oX2Ck7Xv<br>\n          2RrRSY51SJL4NWJiR\/eOvec3VOyDCdN1Br32ybpxABEBAAGJAjYEGAEIACAWIQQc<br>\n          BkbJq4PemvmtUiPPZ7J6NsSqnQUCZGuMvAIbDAAKCRDPZ7J6NsSqndm5EACh+Xay<br>\n          qL+n64ajKuSjQpvSA0T8Dk1pDYMeKBZgfFL1zQPid272nttugG6Nlksc+MvL+4KH<br>\n          oKX+T7c1g9kJRNeOTIM2Epaiu\/xEwUPacqLI6sx5pL5rEbUq\/iT+T5o3DuQ1pPE4<br>\n          uaHbyx3K1\/cxuDu9VMOpUwhUpXeBCy+WL4e0N7NOwKYF7A++Z1rI5\/9HE2lwwY\/0<br>\n          9ctC5YIjfK4u7hmJe2ts0N\/jjHJpeK+hSuk3KoncphvdGYnj2nVgW3eg06CuDcq5<br>\n          jfo1+afdBRxIQN84oI5lizNYoTHPxiIh2Ob0ZZ5ZsoT6lvQ+z4h0pacYiQHkKPFR<br>\n          nSIOedI4DO4fKM9DkYnHQ10pDyG4BgIxkTWdN0vKXG0le3Hw5kgTlyJtb0u7Dg1W<br>\n          Au\/nRgYu0UtDRPLa\/ca0Gp7kkPKsJ5zvTZPTeSFThpfuerPb94WUtXA4X9CV\/DhP<br>\n          U2KwNHI\/dUdJx7EVEcSWdONsQPe7fPPlxTXM5CBe5tqhKvi01CBiXky\/aoR1RKzC<br>\n          iM1pgPXkUlQG4CGy8XkEDrJh1SmNdH0xX1AW4srlokUbefeHfzY7hxAg\/DxKZKSH<br>\n          ZsidiSHmAG26BXpUs5N3F1qBiurao9FChNCKlcTe8ecEQRQOiLeT7ZfQnSA0y5dm<br>\n          D3UCBlrzO1aKp50ptQ3NCyP8Lz1eG\/ixb3LvOA==<br>\n          =Gqmu<br>\n          &#45;&#45;&#45;&#45;&#45;END PGP PUBLIC KEY BLOCK&#45;&#45;&#45;&#45;&#45;\n        <\/code>\n      <\/p>\n    <\/div>\n  <\/div>\n<\/div> <!-- \/.card -->\n<\/div>\n<\/div>\n\n\n\n<h1 class=\"wp-block-heading\" id=\"h-ratings-rewards\">Ratings\/Rewards<\/h1>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-ratings\">Ratings<\/h2>\n\n\n\n<p>For the initial prioritization\/rating of findings (with a few exceptions), this program will use the <a href=\"https:\/\/bugcrowd.com\/vulnerability-rating-taxonomy\">Bugcrowd Vulnerability Rating Taxonomy.<\/a><br><\/p>\n\n\n\n<p>However, it is essential to note that in some cases, a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-rewards\">Rewards<\/h2>\n\n\n\n<p>At present, we can only offer non-cash rewards, including:<\/p>\n\n\n\n<ul>\n<li>A gift card from Amazon (www.amazon.com)<\/li>\n<\/ul>\n\n\n\n<p>Only the first report we receive about a given vulnerability will be rewarded. We cannot send rewards where prohibited by law.<\/p>\n\n\n\n<p>Residents in U.S. sanctioned countries (Cuba, Iran, Sudan, Syria, and North Korea) are ineligible.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td><strong>Priority<\/strong><\/td><td><strong>Reward<\/strong><\/td><\/tr><tr><td>P1<\/td><td>100 US Dollars via Amazon Gift Card<\/td><\/tr><tr><td>P2<\/td><td>50 US Dollars via Amazon Gift Card<\/td><\/tr><tr><td>P3<\/td><td>25 US Dollars via Amazon Gift Card<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-disclosure\">Disclosure<\/h2>\n\n\n\n<p>Please note: This program does not allow disclosure. You may not release information about vulnerabilities found in this program to the public.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-questions\">Questions<\/h2>\n\n\n\n<p>If you have any questions about our VDP, please contact <a href=\"mailto:vulnerability@jumpcloud.com\">vulnerability@jumpcloud.com<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Introduction JumpCloud is committed to protecting the privacy and security of our customers.&nbsp; Although we have taken every effort to [&hellip;]<\/p>\n","protected":false},"author":52,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"tags":[],"platform":[],"funnel_stage":[],"coauthors":[2531],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.9 (Yoast SEO v22.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Vulnerability Disclosure Policy - JumpCloud<\/title>\n<meta name=\"description\" content=\"Read JumpCloud&#039;s vulnerability disclosure policy to learn more about our commitment to protecting the privacy and security of our customers.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/vulnerability-disclosure-policy\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Vulnerability Disclosure Policy\" \/>\n<meta property=\"og:description\" content=\"Read JumpCloud&#039;s vulnerability disclosure policy to learn more about our commitment to protecting the privacy and security of our customers.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/vulnerability-disclosure-policy\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:modified_time\" content=\"2024-07-01T20:04:36+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/01\/jumpcloud-logo-2023.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"627\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"6 minutes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data2\" content=\"Jon Griffin\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/vulnerability-disclosure-policy\",\"url\":\"https:\/\/jumpcloud.com\/vulnerability-disclosure-policy\",\"name\":\"Vulnerability Disclosure Policy - JumpCloud\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"datePublished\":\"2020-09-03T22:37:26+00:00\",\"dateModified\":\"2024-07-01T20:04:36+00:00\",\"description\":\"Read JumpCloud's vulnerability disclosure policy to learn more about our commitment to protecting the privacy and security of our customers.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/vulnerability-disclosure-policy#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/vulnerability-disclosure-policy\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/vulnerability-disclosure-policy#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Vulnerability Disclosure Policy\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Vulnerability Disclosure Policy - JumpCloud","description":"Read JumpCloud's vulnerability disclosure policy to learn more about our commitment to protecting the privacy and security of our customers.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/vulnerability-disclosure-policy","og_locale":"en_US","og_type":"article","og_title":"Vulnerability Disclosure Policy","og_description":"Read JumpCloud's vulnerability disclosure policy to learn more about our commitment to protecting the privacy and security of our customers.","og_url":"https:\/\/jumpcloud.com\/vulnerability-disclosure-policy","og_site_name":"JumpCloud","article_modified_time":"2024-07-01T20:04:36+00:00","og_image":[{"width":1200,"height":627,"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/01\/jumpcloud-logo-2023.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"6 minutes","Written by":"Jon Griffin"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/vulnerability-disclosure-policy","url":"https:\/\/jumpcloud.com\/vulnerability-disclosure-policy","name":"Vulnerability Disclosure Policy - JumpCloud","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"datePublished":"2020-09-03T22:37:26+00:00","dateModified":"2024-07-01T20:04:36+00:00","description":"Read JumpCloud's vulnerability disclosure policy to learn more about our commitment to protecting the privacy and security of our customers.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/vulnerability-disclosure-policy#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/vulnerability-disclosure-policy"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/vulnerability-disclosure-policy#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Vulnerability Disclosure Policy"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/pages\/47529"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/52"}],"replies":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/comments?post=47529"}],"version-history":[{"count":3,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/pages\/47529\/revisions"}],"predecessor-version":[{"id":112426,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/pages\/47529\/revisions\/112426"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=47529"}],"wp:term":[{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/tags?post=47529"},{"taxonomy":"platform","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/platform?post=47529"},{"taxonomy":"funnel_stage","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/funnel_stage?post=47529"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=47529"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}